﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net.Http;
using System.Net;

using Microsoft.ApplicationServer.Http.Dispatcher;

using ERPStore;

namespace ERPStore.Offers.Security
{
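	/// <summary>
	/// Operation handler that rejects any request whose "apikey" header does not
	/// match the API token configured in the ERPStore web site settings.
	/// </summary>
	/// <remarks>
	/// The API key is a shared bearer secret sent in a header; it is only as
	/// confidential as the transport, so the endpoints using this handler should be
	/// reachable over TLS only.
	/// NOTE(review): rejected requests are not recorded here; auditing failed
	/// attempts has to happen in a layer that has a logger available.
	/// </remarks>
	public class AuthorizedOperationHandler : HttpOperationHandler<HttpRequestMessage, HttpRequestMessage>
	{
		/// <summary>
		/// Creates the handler and passes the name "response" to the base handler.
		/// </summary>
		public AuthorizedOperationHandler()
			: base("response")
		{

		}

		/// <summary>
		/// Authenticates the request by its "apikey" header.
		/// </summary>
		/// <param name="input">The incoming request message.</param>
		/// <returns>The same request message, unchanged, when the key is valid.</returns>
		/// <exception cref="HttpResponseException">
		/// Thrown with <see cref="HttpStatusCode.Unauthorized"/> when the header is
		/// missing or empty, when no token is configured, or when the key does not match.
		/// </exception>
		protected override HttpRequestMessage OnHandle(HttpRequestMessage input)
		{
			// HttpHeaders.GetValues throws InvalidOperationException when the header is
			// absent, which would surface as a server error instead of a 401.
			// TryGetValues lets the missing-header case take the Unauthorized path.
			IEnumerable<string> values;
			if (!input.Headers.TryGetValues("apikey", out values) || values == null)
			{
				throw new HttpResponseException(HttpStatusCode.Unauthorized);
			}

			// Only the first value is considered, as before.
			var apiKey = values.FirstOrDefault();
			if (string.IsNullOrEmpty(apiKey))
			{
				throw new HttpResponseException(HttpStatusCode.Unauthorized);
			}

			// Fail closed: an unset or empty configured token must never authenticate anyone.
			var expected = ERPStore.ERPStoreApplication.WebSiteSettings.ApiToken;
			if (string.IsNullOrEmpty(expected))
			{
				throw new HttpResponseException(HttpStatusCode.Unauthorized);
			}

			if (!FixedTimeEquals(apiKey, expected))
			{
				throw new HttpResponseException(HttpStatusCode.Unauthorized);
			}

			return input;
		}

		/// <summary>
		/// Ordinal, case-sensitive comparison of the presented key with the expected
		/// token that does not return at the first differing character.
		/// </summary>
		/// <remarks>
		/// string.Equals may stop at the first mismatch, so its duration can reveal how
		/// much of a guessed key is correct. The loop length here depends only on the
		/// presented value, which the caller already knows.
		/// </remarks>
		/// <param name="presented">Key taken from the request header.</param>
		/// <param name="expected">Configured token; must be non-empty to match.</param>
		/// <returns>true when both strings are identical, otherwise false.</returns>
		private static bool FixedTimeEquals(string presented, string expected)
		{
			if (presented == null || string.IsNullOrEmpty(expected))
			{
				return false;
			}

			// A length difference is folded into the accumulator instead of returning early.
			int difference = presented.Length ^ expected.Length;
			for (int i = 0; i < presented.Length; i++)
			{
				// The modulo keeps the index in range when the presented key is longer.
				difference |= presented[i] ^ expected[i % expected.Length];
			}

			return difference == 0;
		}
	}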
}
